CVE-2022-30904

Name of the Vulnerable Software and Affected Versions Bestechnic Bluetooth Mesh SDK (BES2300) version 1.0

Description A buffer overflow issue can be triggered during provisioning due to the lack of a check for the SegN field of the Transaction Start PDU. This occurs because there is no validation for the SegN field, leading to a potential overflow.

Recommendations For Bestechnic Bluetooth Mesh SDK (BES2300) version 1.0, as a temporary workaround, consider implementing a check for the SegN field of the Transaction Start PDU to prevent the buffer overflow. However, at the moment, there is no information about a newer version that contains a fix for this issue.